I am creating a web site which, among other things, databases pictures. For simplicity lets say that every picture can have a description and a file path, and this is stored in a table, like so
CREATE TABLE IF NOT EXISTS picture
(
ID INT NOT NULL AUTO_INCREMENT,
description VARCHAR(150),
file VARCHAR(150) NOT NULL,
PRIMARY KEY(ID)
) ENGINE=InnoDB;
Rather than storing all these pictures in a single location and assigning arbitrary file paths, I want the user to be able to upload the pictures via ftp to a unix account and create their own directory hierarchy. This way they can use ftp/sftp/scp to copy them, or ssh and, use other Linux programs, like imagemagik or zip. Or to change permissions for pictures (see below)
Now I realize this will cause problems if the user decides to delete pictures or move them, but I suppose there are ways around this (database does not guarantee pictures will be there, write protect pictures, re-implement mv/rm…)
I have very little databasing experience. I wanted to know if this is advisable. Specifically, whether its good to use Linux file permisions as database permissions. So for example, user Manderly could create group MJ12 and add users WSimons, BPage, and ANavarre to it, then on the website those users would have access to these pictures (not automatically I know, but scripted via PHP) AND they could sftp/ftp/scp them as well.
After getting answers to other questions from the community, I can now answer my own question.
It is obviously possible to implement this in PHP by using
/etc/passwd, getting file permissions viaint fileperms ( string $filename ), and either updating the database with those, or using them as a check before allowing access to files. This however is overkill. It is easier to simply use suPHP.As to whether it’s advisable, general consensus at SO seems to be that one should only implement such a server if it serves a purpose. This can be taken to be mean “it’s generally not advisable”